software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityRequest Maven / Gradle / Ivy
Show all versions of sts Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.sts.model;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class AssumeRoleWithWebIdentityRequest extends StsRequest implements
ToCopyableBuilder {
private static final SdkField ROLE_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("RoleArn").getter(getter(AssumeRoleWithWebIdentityRequest::roleArn)).setter(setter(Builder::roleArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleArn").build()).build();
private static final SdkField ROLE_SESSION_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("RoleSessionName").getter(getter(AssumeRoleWithWebIdentityRequest::roleSessionName))
.setter(setter(Builder::roleSessionName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleSessionName").build()).build();
private static final SdkField WEB_IDENTITY_TOKEN_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("WebIdentityToken").getter(getter(AssumeRoleWithWebIdentityRequest::webIdentityToken))
.setter(setter(Builder::webIdentityToken))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("WebIdentityToken").build()).build();
private static final SdkField PROVIDER_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ProviderId").getter(getter(AssumeRoleWithWebIdentityRequest::providerId))
.setter(setter(Builder::providerId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ProviderId").build()).build();
private static final SdkField> POLICY_ARNS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("PolicyArns")
.getter(getter(AssumeRoleWithWebIdentityRequest::policyArns))
.setter(setter(Builder::policyArns))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyArns").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.SDK_POJO)
.constructor(PolicyDescriptorType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField POLICY_FIELD = SdkField. builder(MarshallingType.STRING).memberName("Policy")
.getter(getter(AssumeRoleWithWebIdentityRequest::policy)).setter(setter(Builder::policy))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();
private static final SdkField DURATION_SECONDS_FIELD = SdkField. builder(MarshallingType.INTEGER)
.memberName("DurationSeconds").getter(getter(AssumeRoleWithWebIdentityRequest::durationSeconds))
.setter(setter(Builder::durationSeconds))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DurationSeconds").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(ROLE_ARN_FIELD,
ROLE_SESSION_NAME_FIELD, WEB_IDENTITY_TOKEN_FIELD, PROVIDER_ID_FIELD, POLICY_ARNS_FIELD, POLICY_FIELD,
DURATION_SECONDS_FIELD));
private final String roleArn;
private final String roleSessionName;
private final String webIdentityToken;
private final String providerId;
private final List policyArns;
private final String policy;
private final Integer durationSeconds;
private AssumeRoleWithWebIdentityRequest(BuilderImpl builder) {
super(builder);
this.roleArn = builder.roleArn;
this.roleSessionName = builder.roleSessionName;
this.webIdentityToken = builder.webIdentityToken;
this.providerId = builder.providerId;
this.policyArns = builder.policyArns;
this.policy = builder.policy;
this.durationSeconds = builder.durationSeconds;
}
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @return The Amazon Resource Name (ARN) of the role that the caller is assuming.
*/
public String roleArn() {
return roleArn;
}
/**
*
* An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with
* the user who is using your application. That way, the temporary security credentials that your application will
* use are associated with that user. This session name is included as part of the ARN and assumed role ID in the
* AssumedRoleUser response element.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @return An identifier for the assumed role session. Typically, you pass the name or identifier that is associated
* with the user who is using your application. That way, the temporary security credentials that your
* application will use are associated with that user. This session name is included as part of the ARN and
* assumed role ID in the AssumedRoleUser response element.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public String roleSessionName() {
return roleSessionName;
}
/**
*
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application
* must get this token by authenticating the user who is using your application with a web identity provider before
* the application makes an AssumeRoleWithWebIdentity call.
*
*
* @return The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web
* identity provider before the application makes an AssumeRoleWithWebIdentity call.
*/
public String webIdentityToken() {
return webIdentityToken;
}
/**
*
* The fully qualified host component of the domain name of the identity provider.
*
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not
* include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*
*
* @return The fully qualified host component of the domain name of the identity provider.
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do
* not include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*/
public String providerId() {
return providerId;
}
/**
* Returns true if the PolicyArns property was specified by the sender (it may be empty), or false if the sender did
* not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.
*/
public boolean hasPolicyArns() {
return policyArns != null && !(policyArns instanceof SdkAutoConstructList);
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use
* for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see
* Amazon Resource Names (ARNs)
* and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a
* separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The
* PackedPolicySize response element indicates by percentage how close the policies and tags for your
* request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use
* session policies to grant more permissions than those allowed by the identity-based policy of the role that is
* being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* You can use {@link #hasPolicyArns()} to see if a value was sent in this field.
*
*
* @return The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that
* you use for both inline and managed session policies can't exceed 2,048 characters. For more information
* about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format
* that has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent AWS API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy
* of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*/
public List policyArns() {
return policyArns;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the
* role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy
* of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a
* separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The
* PackedPolicySize response element indicates by percentage how close the policies and tags for your
* request are to the upper size limit.
*
*
*
* @return An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in
* the account that owns the role. You cannot use session policies to grant more permissions than those
* allowed by the identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.
* The JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format
* that has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*/
public String policy() {
return policy;
}
/**
*
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the
* maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you
* specify a value higher than this setting, the operation fails. For example, if you specify a session duration of
* 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how
* to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User
* Guide.
*
*
*
* @return The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to
* the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours.
* If you specify a value higher than this setting, the operation fails. For example, if you specify a
* session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your
* operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User
* Guide.
*
*/
public Integer durationSeconds() {
return durationSeconds;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(roleArn());
hashCode = 31 * hashCode + Objects.hashCode(roleSessionName());
hashCode = 31 * hashCode + Objects.hashCode(webIdentityToken());
hashCode = 31 * hashCode + Objects.hashCode(providerId());
hashCode = 31 * hashCode + Objects.hashCode(policyArns());
hashCode = 31 * hashCode + Objects.hashCode(policy());
hashCode = 31 * hashCode + Objects.hashCode(durationSeconds());
return hashCode;
}
@Override
public boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof AssumeRoleWithWebIdentityRequest)) {
return false;
}
AssumeRoleWithWebIdentityRequest other = (AssumeRoleWithWebIdentityRequest) obj;
return Objects.equals(roleArn(), other.roleArn()) && Objects.equals(roleSessionName(), other.roleSessionName())
&& Objects.equals(webIdentityToken(), other.webIdentityToken())
&& Objects.equals(providerId(), other.providerId()) && Objects.equals(policyArns(), other.policyArns())
&& Objects.equals(policy(), other.policy()) && Objects.equals(durationSeconds(), other.durationSeconds());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public String toString() {
return ToString.builder("AssumeRoleWithWebIdentityRequest").add("RoleArn", roleArn())
.add("RoleSessionName", roleSessionName()).add("WebIdentityToken", webIdentityToken())
.add("ProviderId", providerId()).add("PolicyArns", policyArns()).add("Policy", policy())
.add("DurationSeconds", durationSeconds()).build();
}
public Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "RoleArn":
return Optional.ofNullable(clazz.cast(roleArn()));
case "RoleSessionName":
return Optional.ofNullable(clazz.cast(roleSessionName()));
case "WebIdentityToken":
return Optional.ofNullable(clazz.cast(webIdentityToken()));
case "ProviderId":
return Optional.ofNullable(clazz.cast(providerId()));
case "PolicyArns":
return Optional.ofNullable(clazz.cast(policyArns()));
case "Policy":
return Optional.ofNullable(clazz.cast(policy()));
case "DurationSeconds":
return Optional.ofNullable(clazz.cast(durationSeconds()));
default:
return Optional.empty();
}
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((AssumeRoleWithWebIdentityRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends StsRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @param roleArn
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder roleArn(String roleArn);
/**
*
* An identifier for the assumed role session. Typically, you pass the name or identifier that is associated
* with the user who is using your application. That way, the temporary security credentials that your
* application will use are associated with that user. This session name is included as part of the ARN and
* assumed role ID in the AssumedRoleUser response element.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-
*
*
* @param roleSessionName
* An identifier for the assumed role session. Typically, you pass the name or identifier that is
* associated with the user who is using your application. That way, the temporary security credentials
* that your application will use are associated with that user. This session name is included as part of
* the ARN and assumed role ID in the AssumedRoleUser response element.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and
* lower-case alphanumeric characters with no spaces. You can also include underscores or any of the
* following characters: =,.@-
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder roleSessionName(String roleSessionName);
/**
*
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web identity
* provider before the application makes an AssumeRoleWithWebIdentity call.
*
*
* @param webIdentityToken
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web
* identity provider before the application makes an AssumeRoleWithWebIdentity call.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder webIdentityToken(String webIdentityToken);
/**
*
* The fully qualified host component of the domain name of the identity provider.
*
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not
* include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*
*
* @param providerId
* The fully qualified host component of the domain name of the identity provider.
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens.
* Do not include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder providerId(String providerId);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that
* has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You
* cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that
* you use for both inline and managed session policies can't exceed 2,048 characters. For more
* information about ARNs, see Amazon Resource
* Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format
* that has a separate limit. Your request can fail for this limit even if your plain text meets the
* other requirements. The PackedPolicySize response element indicates by percentage how
* close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's
* permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent AWS API calls to access resources in the account
* that owns the role. You cannot use session policies to grant more permissions than those allowed by
* the identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyArns(Collection policyArns);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that
* has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You
* cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that
* you use for both inline and managed session policies can't exceed 2,048 characters. For more
* information about ARNs, see Amazon Resource
* Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format
* that has a separate limit. Your request can fail for this limit even if your plain text meets the
* other requirements. The PackedPolicySize response element indicates by percentage how
* close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's
* permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent AWS API calls to access resources in the account
* that owns the role. You cannot use session policies to grant more permissions than those allowed by
* the identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyArns(PolicyDescriptorType... policyArns);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that
* has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You
* cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
* This is a convenience that creates an instance of the {@link List.Builder} avoiding the
* need to create one manually via {@link List#builder()}.
*
* When the {@link Consumer} completes, {@link List.Builder#build()} is called immediately
* and its result is passed to {@link #policyArns(List)}.
*
* @param policyArns
* a consumer that will call methods on {@link List.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #policyArns(List)
*/
Builder policyArns(Consumer... policyArns);
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by
* the identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid character
* list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format that
* has a separate limit. Your request can fail for this limit even if your plain text meets the other
* requirements. The PackedPolicySize response element indicates by percentage how close the
* policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the
* session policies. You can use the role's temporary credentials in subsequent AWS API calls to access
* resources in the account that owns the role. You cannot use session policies to grant more permissions
* than those allowed by the identity-based policy of the role that is being assumed. For more
* information, see Session
* Policies in the IAM User Guide.
*
*
* The plain text that you use for both inline and managed session policies can't exceed 2,048
* characters. The JSON policy characters can be any ASCII character from the space character to the end
* of the valid character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and
* carriage return ( ) characters.
*
*
*
* An AWS conversion compresses the passed session policies and session tags into a packed binary format
* that has a separate limit. Your request can fail for this limit even if your plain text meets the
* other requirements. The PackedPolicySize response element indicates by percentage how
* close the policies and tags for your request are to the upper size limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policy(String policy);
/**
*
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the
* maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you
* specify a value higher than this setting, the operation fails. For example, if you specify a session duration
* of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To
* learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token
* takes a SessionDuration parameter that specifies the maximum length of the console session. For
* more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User
* Guide.
*
*
*
* @param durationSeconds
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to
* the maximum session duration setting for the role. This setting can have a value from 1 hour to 12
* hours. If you specify a value higher than this setting, the operation fails. For example, if you
* specify a session duration of 12 hours, but your administrator set the maximum session duration to 6
* hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM
* User Guide.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder durationSeconds(Integer durationSeconds);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends StsRequest.BuilderImpl implements Builder {
private String roleArn;
private String roleSessionName;
private String webIdentityToken;
private String providerId;
private List policyArns = DefaultSdkAutoConstructList.getInstance();
private String policy;
private Integer durationSeconds;
private BuilderImpl() {
}
private BuilderImpl(AssumeRoleWithWebIdentityRequest model) {
super(model);
roleArn(model.roleArn);
roleSessionName(model.roleSessionName);
webIdentityToken(model.webIdentityToken);
providerId(model.providerId);
policyArns(model.policyArns);
policy(model.policy);
durationSeconds(model.durationSeconds);
}
public final String getRoleArn() {
return roleArn;
}
@Override
public final Builder roleArn(String roleArn) {
this.roleArn = roleArn;
return this;
}
public final void setRoleArn(String roleArn) {
this.roleArn = roleArn;
}
public final String getRoleSessionName() {
return roleSessionName;
}
@Override
public final Builder roleSessionName(String roleSessionName) {
this.roleSessionName = roleSessionName;
return this;
}
public final void setRoleSessionName(String roleSessionName) {
this.roleSessionName = roleSessionName;
}
public final String getWebIdentityToken() {
return webIdentityToken;
}
@Override
public final Builder webIdentityToken(String webIdentityToken) {
this.webIdentityToken = webIdentityToken;
return this;
}
public final void setWebIdentityToken(String webIdentityToken) {
this.webIdentityToken = webIdentityToken;
}
public final String getProviderId() {
return providerId;
}
@Override
public final Builder providerId(String providerId) {
this.providerId = providerId;
return this;
}
public final void setProviderId(String providerId) {
this.providerId = providerId;
}
public final Collection getPolicyArns() {
return policyArns != null ? policyArns.stream().map(PolicyDescriptorType::toBuilder).collect(Collectors.toList())
: null;
}
@Override
public final Builder policyArns(Collection policyArns) {
this.policyArns = _policyDescriptorListTypeCopier.copy(policyArns);
return this;
}
@Override
@SafeVarargs
public final Builder policyArns(PolicyDescriptorType... policyArns) {
policyArns(Arrays.asList(policyArns));
return this;
}
@Override
@SafeVarargs
public final Builder policyArns(Consumer... policyArns) {
policyArns(Stream.of(policyArns).map(c -> PolicyDescriptorType.builder().applyMutation(c).build())
.collect(Collectors.toList()));
return this;
}
public final void setPolicyArns(Collection policyArns) {
this.policyArns = _policyDescriptorListTypeCopier.copyFromBuilder(policyArns);
}
public final String getPolicy() {
return policy;
}
@Override
public final Builder policy(String policy) {
this.policy = policy;
return this;
}
public final void setPolicy(String policy) {
this.policy = policy;
}
public final Integer getDurationSeconds() {
return durationSeconds;
}
@Override
public final Builder durationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
public final void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public AssumeRoleWithWebIdentityRequest build() {
return new AssumeRoleWithWebIdentityRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}